KeyBTC Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 17
First Seen: May 2, 2016
Last Seen: November 25, 2020
OS(es) Affected: Windows

The KeyBTC Ransomware is an encryption ransomware infection. It carries out a common ransomware attack that makes the victim's files inaccessible by encrypting them and then demands the payment of a ransom to decrypt the affected files. The KeyBTC Ransomware may be distributed using corrupted email attachments that may be disguised as shipping or postal notification email messages. These messages contain a harmful ZIP file attachment. Although the compressed file looks like a Microsoft Word document, it is a corrupted JavaScript file with the extension '.JS' which, when opened, may download and install threats on the victim's computer. The KeyBTC Ransomware changes the encrypted files' extensions to '.the KeyBTC@inbox_com,' hinting that the victim should contact this email address to recover from the KeyBTC Ransomware infection. The KeyBTC Ransomware also displays a ransom note that alerts the victim to the infection and includes instructions for payment and decryption.

How the KeyBTC Ransomware Attack Works

The KeyBTC Ransomware uses the PGP/RSA encryption method, generating public and private keys when encrypting the victim's files. During encryption it creates two files, File1.bin and File2.bin, which contain information about the encryption, including the private key. These files are dropped on the victim's Desktop and are themselves encrypted with a different encryption key, which is stored on the con artists' computer. It may become almost impossible to decrypt the victim's files without access to the decryption keys. To restore the encrypted files, the victims may have to contact the con artists responsible for this attack using the instructions in the ransom note. These instructions ask the victim to attach the two files to their email. The victim will then receive instructions, including the amount of the ransom, and one decrypted file to demonstrate that the con artists can actually decrypt them. The best way to recover from a KeyBTC Ransomware attack is to restore the encrypted files from a backup. Backing up important files is paramount, and costs only a fraction of what it would cost to recover from one of these types of attacks.

Recovering from a KeyBTC Ransomware Attack

Paying the KeyBTC Ransomware ransom does not guarantee that the con artists will provide you with the decryption key. More importantly, paying these con artists allows them to continue carrying out these attacks. Because of this, computer users should ensure that all files are properly backed up. You can prevent KeyBTC Ransomware attacks in the first place by avoiding unsolicited email attachments and using a strong anti-malware program to protect your computer and reduce the amount of spam email in your inbox. The following is an example of the ransom note used by the KeyBTC Ransomware:

ATTENTION:
All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key. If you want to restore your files please follow the instructions:
1. Send email to the KeyBTC_@_inbox.com, with the following files in attachment:
- FILE1.BIN and FILE2.BIN files (check your desktop and local disks to find these files or just use Windows Search.
- One of your encrypted personal file for test decryption. Supported types: DOC/DOCX, JPG/JPEG, PDF. Maximum file size: 3 Mb.
2. Wait for email from us containing:
- Your decrypted file, proving that we can really help you.
- Decryption price and payment details.
3. Make payment.
4. Receive decryption key and detailed instructions how to decrypt your files.
IMPORTANT:
- You must contact us in 24 hours, unless the price will rise.
- Nobody can help you except us. It is useless to reinstall Windows, rename files, etc.
- Your files will be decrypted as quick as you contact us and make payment.
If you have any question, please feel free to ask.
Contact email: the KeyBTC_@_inbox.com

The KeyBTC Ransomware targets a surprisingly short list of file types. Some of the file types that are typically encrypted by this threat include:
.mdb, .pdf, .rtf, .accdb, .slddrw, .zip, .rar, .max, .jpg, .xls, .xlsx, .doc, .docx, .cdr, .dwg, .1cd, .cd.
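
A triage sketch built from the indicators described on this page (the appended extension, the File1.bin and File2.bin files, and the targeted file types); it is an added example, not code from the original article. Because the page writes the extension as '.the KeyBTC@inbox_com', the script matches only the tail `keybtc@inbox_com`, case-insensitively; that matching rule, the function names and the sample directory tree are assumptions.

```python
import os
import tempfile
from collections import Counter

# Indicators as given on this page. Matching is case-insensitive and on the
# tail of the name only; the exact casing on disk is an assumption.
MARKER_TAIL = "keybtc@inbox_com"
KEY_BLOBS = {"file1.bin", "file2.bin"}
TARGETED = {".mdb", ".pdf", ".rtf", ".accdb", ".slddrw", ".zip", ".rar", ".max",
            ".jpg", ".xls", ".xlsx", ".doc", ".docx", ".cdr", ".dwg", ".1cd", ".cd"}


def triage(root):
    """Return (renamed files, key blob paths, count per original extension)."""
    renamed, blobs, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in KEY_BLOBS:
                # Encrypted key material per the page: preserve, never delete.
                blobs.append(path)
            elif lower.endswith(MARKER_TAIL):
                renamed.append(path)
                # Drop the appended marker, then read the original extension.
                ext = os.path.splitext(os.path.splitext(lower)[0])[1]
                by_type[ext if ext in TARGETED else "other"] += 1
    return sorted(renamed), sorted(blobs), by_type


def demo():
    """Run triage over a constructed directory tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        desk = os.path.join(root, "Desktop")
        os.makedirs(docs)
        os.makedirs(desk)
        for folder, name in [(docs, "report.docx.KeyBTC@inbox_com"),
                             (docs, "scan.JPG.keybtc@inbox_com"),
                             (docs, "notes.txt"),
                             (desk, "FILE1.BIN"), (desk, "File2.bin")]:
            open(os.path.join(folder, name), "wb").close()
        renamed, blobs, by_type = triage(root)
        return len(renamed), [os.path.basename(b) for b in blobs], dict(by_type)


if __name__ == "__main__":
    print(demo())
```

The per-extension counts show how much of each file type needs restoring from backup, and any reported .bin files should be copied aside before cleanup since the page describes them as holding the encrypted key material.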
